Posted
by
CmdrTacoon Thursday January 15, 2009 @09:43AM
from the security-tools-yeah-right dept.

MojoKid writes "Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs.
ElcomSoft claims that the software uses a 'proprietary GPU acceleration technology,' which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance. At its heart, what ElcomSoft Wireless Security Auditor does is perform brute-force dictionary attacks of WPA and WPA2 passwords. If an access point is set up using a fairly insecure password that is based on dictionary words, there is a higher likelihood that a password can be guessed. ElcomSoft positions the software as a way to 'audit' wireless network security."

But brute force-password guessing isn't a problem if you a choose a long enough password with a large enough character set - letters, numbers, symbols. My WPA password is larger than 15 characters. Good luck without a Beowulf cluster of those -- and even then, it better have a LOT of those GPUs.

I hadn't heard that, but a totally random 63 character password would be ideal, yes. Note that I didn't say how much greater it is than 15.;) But anything over 15 characters is probably secure enough for most home users.

But anything over 15 characters is probably secure enough for most home users.

15 characters using the full set of letters/numbers/symbols on your keyboard works out to ~98 bits of entropy. That's probably sufficient. I usually use at least 20 characters (~131 bits) but that's probably just my paranoia. If you are worried about somebody breaking a password that secure then you have bigger problems than your neighbor using your wi-fi connection. In this case I hope you are paying your team of armed guards well and trust that they won't betray you;)

Maybe I'm dense, but how the hell does flooding a wireless card with brute force dictionary attacks bottleneck on computation speed? You create your dictionary, once, you stick it on a hard drive, you stream it at your target through the wireless networking card, you wait.

This product seems like a bunch of bullshit to me. Even if they did come up with some particularly clever algorithm for creating more effective dictionaries and speed it up GPUs, there's no need to recreate a dictionary every time you're doing a brute force attack.

Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text.

TFA is misunderstanding the way the app functions, it listens to the network until a certain amount of information has been sent, then attempts to decrypt that data locally. Sending wave after wave of login attempts is easily detectable and would almost certainly bottleneck somewhere at the network level before CPU.

You intercept a few packets of data from the wireless network and save them. Then, you bugger off to your evil lair, and set about trying to crack them with your dictionary list.

But the algorithm that WPA uses is non-reversible. It's also run 4096 times.So to crack it, you take the first line in your dictionary, throw in the network's SSID (this is included for better security. Passphrase: 12345 will hash differently on a network named linksys than it will on a network nam

I'm fairly certain the SSID can be sniffed from captured network traffic.
MAC filtering and DHCP limits only prevent an attacker from associating with your network (and the former can be circumvented fairly easily); they don't prevent an attacker from eavesdropping. However, if your password is >50 random characters, that will make a dictionary attack extraordinarily difficult.

No organization on earth is going to be able to brute force a 15 character password (over 98 bits as you mention) made of randomly generated printable ASCII characters. Not for decades.

Even brute forcing 8 characters (over 52 bits) would require a modestly funded organization. Breaking your WPA key just wouldn't be worth the thousands of dollars to do it. It would be much easier to pick your locks while you are away at work and read the key directly from the router's memory.

Strong passwords / keys for WPA is not much of a burden. You only have to enter the damm things once. I use a random 32 character hex string as my key. I wrote it down and stored it in a known location. I also have it stored in an old USB drive in a text file. I have to enter it far more than most people, as I dogfood WIndows releases, flattening my notebook each time. Thus I have to reinitialize it for my home WPA network each time I rebuild it. I am not worrying about brute force attacks against 128 bit k

The old (very old) password cracking programs I've played with allow the user to set up rules to guide guesses. You'd fill out a series of patterns, and if possible base them on passwords you know your target has used in the past. For example, I knew a friend commonly substituted digit 1 for letter i, so added a rule of s/i/1/ to the list of modifications to dictionary words. (I eventually found his password was k3rm1t.)

Like most things, the answer of "is your security weaker" is "it depends". You ce

Well, that's an old one. It has no real effect on what my new password currently is. That thing is like... 2 years old?

The point is, if you didn't know that info - that it's a movie quote, etc. - and you're completely blind, would there really be much of a noticeable difference? Could it be quantified in time necessary to crack it?

To modify that old "make the other guy die for his country" quote, I don't necessarily want to aim to make my wireless secure, just way more secure than my neighbor's. Why hop ont

/dev/random is the reason you were getting short keys.using/dev/urandom about 50 times didnt give any short keys

if you insist on using/dev/random, not really much point as you can just change your keys if the algorithm is found wanting, then you have to check that there is enough entropy "cat/proc/sys/kernel/random/entropy_avail" before you run it

The default locale values on my US mac are "en_US.UTF-8". Per the tr man page on OS X:

ENVIRONMENT The LANG, LC_ALL, LC_CTYPE and LC_COLLATE environment variables affect the execution
of tr as described in environ(7).

When LC_CTYPE has a UTF-8 encoding, tr requires that the input byte stream be well-formed UTF-8; not all random byte strings adhere to this. In the working example, I set LC_CTYPE to "C", which one can think of as "binary, with no encoding".

I question the wisdom of relying on a third party website to generate passwords for you. At least they are using ssl but how do you know they aren't keeping those passwords? How do you know they are generating them with real entropy?

Diceware [std.com] is a better bet, IMHO. You can generate them offline and with a good set of dice you get real entropy. You can use the instructions on that webpage to generate totally random passwords or to generate passwords with words in them that are easy to remember but still pretty secure/random.

I question the wisdom of relying on a third party website to generate passwords for you. At least they are using ssl but how do you know they aren't keeping those passwords? How do you know they are generating them with real entropy?

If you are worried about it, but still don't want (or for some reason, can't) generate a random character string locally, you could always have the website generate several passwords, then combine them yourself in some random way. For instance, you could swap blocks from eac

If you're worried about the source or transmission channel being compromised (or malicious) you've just inserted *several* bits of entropy. A good password needs 64 bits or more if you want to protect against this sort of attack. A presumed compromised source of random data supplies zero bits of entropy. This is really something you need to do on your own machine, if not manually. Rolling dice just isn't that hard.

For something like a WPA passphrase (it's not really the key) the actual amount of "randomness" isn't important provided whatever you use isn't in whatever dictionary the attacker is using. Once the dictionary attack is exhausted they're going to have to move onto simple one-by-one testing, and being "more random" or "less random" has no real meaning. Eventually they'll hit the right one, it's just a matter of how long that takes, which is a matter of luck and what order they test them in:)

Modern guessers start modifying the dictionary and evaluating things in a prioritized order based on how far away they are from it. Until your password bears no visible relationship to the dictionary, you're too close; it's not just a simple in vs out question. If you care about your password, you need to make a serious evaluation of how many bits of entropy it contains, and assume the attacker can guess in a priority order that will limit its effectiveness to that many bits. If you only have 30 bits of

Oh I agree, I think maybe I wasn't clear. Obviously your password has to look *nothing* like anything in the dictionary, that's a given. I was just saying that using one prng vs another slightly more random one won't make a lot of difference. You don't need a cryptographically strong rng for generating a passphrase.

That said, a cryptographically strong rng won't hurt. KeePass includes one, and is good for storing all those passwords,/dev/random is one if you just need to generate them. When they're that easy to get and use, why not use one?

Then why add it in the first place?There are now some compatibility problems, due to any program designed for win2k or xp pre sp2 which used raw sockets...And yes, 2k did have it so at least 1 previous version.

He's right. DDoS bots do have more power, now. The Internet also has more power. And the script kiddies that were doing DDoS attacks have now moved on to legitimate jobs, or to writing more insidious malware. In the meantime, large scale DDoS attacks seem to have fallen out of favour with the cracker crowd.

But, just because it's not being abused currently doesn't mean it's not going to be abused, or can't be abused.

isn't a good password.Most Brute Force attacks are a little smarter then 1,2,3,.....,ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZLets go threw the dictionary first (Caps on, Caps Off and caps with the first letter and without it).Lets go threw the dictionary and followed by numbers between 0,99999999Do the same with the numbers prefix the dictionary word.Try Numeric Combinations.Try Alpha Combinations.Finally try every

If you follow such a formula black hats know more about your password than if you don't, so their brute force attacks from 10,000 node botnets just got exponentially faster. You made the key space smaller when you eliminated all possible passwords that do not contain letters, numbers, symbols and mixed case.

My password is also not based on a dictionary word and means something only to me.

That's a far better strategy.

Myself, I ignore all "rules" and "formulas" for password generation and use 64 characters or more for important passwords. Until this became possible (I'm old) I always use

Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0...

"Just" released? Like, a month [arstechnica.com] ago? Or was that just the announcement?
I think the key point with all this, though, is just don't use dictionary words in your passwords... for anything... ever. The same company makes software for all kinds of password systems, so just don't do it.

without dictionary words being involved, cracking is still quite intensive: perhaps three months to crack a lowercase-only random eight-character password using a PC with two Nvidia GTX 280 video cards.

People who whine about these being "irresponsible" or "bad for security" always seem to forget that the bad guys may already have written stuff like this and are putting it to use. By publishing this software, it makes everyone aware that it's never safe to turn a blind eye to poor security practices.

If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process.

"If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process."

"If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process."

Until 3 hours later when THAT password is now cracked.

Lather. Rinse. Repeat.

Or then implement WPA2 enterprise that authenticates against your Active Directory or RADIUS domain with blacklisting against MAC addresses that aren't registered to that user.

People who whine about these being "irresponsible" or "bad for security" always seem to forget that the bad guys may already have written stuff like this and are putting it to use. By publishing this software, it makes everyone aware that it's never safe to turn a blind eye to poor security practices.

Absolutely. However, they also make it easy for casual attackers. Never underestimate a horde of script kiddies with a good script.

so should we ban the sale of lock picking kits, books, and locksmithing educational resources? after all, such information can help criminals as much as they help legitimate professionals.

the way to ensure security is to test the system rigorously, not to discourage the testing of such systems. and the best way to facilitate such security auditing is for the security community to share information and penetration testing resources with one another and foster public discourse.

My point is that horde is acting as the advertisement and providing the impetus for getting the problems fixed. But the problems are never created by the tools, they're just exacerbated by them.

That's why we should celebrate these cracks, and take advantage of them. If my boss sees a news article that says "Hackers crack bad WPA passwords", I know he'll email me asking me to tell him how we generate our passwords. If I say, "I opened the dictionary to a random page and wrote down the first three words

If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process.

Until 10 minutes later the CEO calls the head of IT and has them change the WAP password back to Password1 so he can log in. It's nearly a known fact that managers can't type passwords longer than 8 characters successfully. 16 character or longer passwords b

Unless, of course he's planning to do something bad, in which case, he would also have to break into the logging system and remove his brute force attempts and fake his mac address among others (which I know is not hard to do). But after all, if something done is that bad, I'm guessing investigators can always check the neighbors in the event of an investigation.

The bruteforce is done offline. The only thing you need to bruteforce WPA is a handshake that you can obtain by sniffing passively. There is no

Not releasing the tools is why we have such big problems. There are bugs identified all the time, but vendors routinely ignore them or just sit on the patches. That means anyone else smart enough to figure out the bugs can abuse them until the vendor issues the fixes.

The way things effectively get fixed right now is the (good) hackers give advance notice to the vendors, but they also let the vendors know when they're going public with the flaw. When they go public, they have to demonstrate the bug with

First off, does this kind of approach work against any rationally designed secure software? All that would seem to be needed to defeat this is for the the login procedure to have a few seconds of delay before it responds yes or no, and no speedup in the guessing will help. This is why we have shadow password files, right? Or have I just been using *nix too long?

Also, I've seen people using GPUs in all sorts of non-graphics computation environments for some time now. When push comes to shove, is this j

...to run 'generic' GPU applications. They just make things simpler for people not used to working with GPUs. Back in 2005 (can't recall) I wrote a computer vision algorithm (a simple multi-gaussian system) that uploaded live security video as a set of conglomerated images in a given texture size and output motion maps, just using early pixel shaders on an ATI 9700PRO (old even at the time.) It wasn't hard, although faking arrays via textures was a pain in the rear.;)

The real problem is using WPA with pre-shared keys - that's what this can really do some damage with. That, and they used it to set up a fake root CA. Um, this is almost a month old. WTF? Slashdot: Where you hear it last!

To be honest, I doubt it's difficult to write a proprietary shader without a GPU programming language for this since the GPU really only can be used to offload the hash computation (using the PSK and passphrase). The real trick is packing and passing data (say passwords) to that shader for processing efficiently, and that could be done in a variety of ways (e.g. stuffing them in a texture or a vertex buffer object).

The real limitation is probably the network interface once you have an efficient way of gene

Isn't there a way of taking a prime number and converting it to ascii?
I'm not a software guy, so I use to go to computer services (when I was in uni) and get them to generate a password for me. I have accumulated 8 passwords. Now I just rotate through them. Is this a good idea? Cheers for any advice.

I tested this program for a upcoming show and I really liked it. The cost is high for most regular folks, so it is geared more towards Government/Commercial. For a nice open source option, I also recommend Pyrit. I had a few issues importing Aircrack files, but most of those have been resolved.

... does is perform brute-force dictionary attacks of WPA and WPA2 passwords.

I tried using a non brute force dictionary attack on an encryption key once. I just tried every third word in the dictionary. It didn't seem to work as well as trying them all. In other words, there are brute force attacks and there are dictionary attacks, but there are no brute force dictionary attacks.

now you tested those passwphrase using a dictionary attack and they failed. So you know for sure these are not the passphrase. They can then be removed from the brute force efforts so you don't test the same thing twice.

May I suggest adding a reference to the GPL-licenced software pyrit [google.com] in the summary? It might be useful for people to know that a) Elcomsoft is not the first to implement this and b) a free software implementation exists (currently only for NVIDIA, but they are planning ATI support).

One of their tech guys was on the CUDA programming forum, so I assume they used CUDA for NVIDIA. Not sure why the article assumes that the "proprietary process" assumes the interface language is proprietary. I assumed it meant their method/algorithm was proprietary (given the fact that they patented it, they probably want to make it seem unique).

What's illegal about it? If you're using it against your own network to test the strenght of your settings, I see nothing wrong with that. The question isn't why can they sell this legally, but why WOULDN'T they be able to do so? Given that any tool can always be used in bad ways, I don't think that should be enough to outlaw the tool itself.

They live in a culture that has more commercial freedom than yours, apparently. Given that they are in Russia, that's a sad commentary on wherever you live.

why? just because they claim to be an 'auditor' means they can profit from a cracker?

Because it's a tool. You can cave people's heads in with a hammer, you can assassinate the pope with a kitchen knife. They are tools, they have no moral dimension. Even a thumbscrew can be used for moral purposes, such as a doorstop that keeps cute fuzzy puppies from running on to train tracks.

Effective tools amplify your ability to do things you want to do. They don't make it necessary or possible for you to commit crimes; your will and your circumstances are what makes you a criminal.

I have used wifi crackers to audit networks in my workplace with the full knowledge of my employer. I have never used one to commit a crime, ever. It's just a tool.

Problem is, that's why gun control works. A gun turns a violent impulse at a bar from a beating into a shooting. Fewer guns statistically, fewer beatings turn into shootings. As long as the gun control is effective and not just punishing law-abiding users, of course.